CVE-2025-2759

Name: CVE-2025-2759

Description: GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25448.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

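| Source Package | Release | Version | Status |
|---|---|---|---|
| gstreamer1.0 (PTS) | bullseye | 1.18.4-2.1 | fixed |
| gstreamer1.0 | bullseye (security) | 1.18.4-2.1+deb11u1 | fixed |
| gstreamer1.0 | bookworm, bookworm (security) | 1.22.0-2+deb12u1 | fixed |
| gstreamer1.0 | sid, trixie | 1.26.1-1 | fixed |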

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gstreamer1.0 | source | (unstable) | (not affected) | | | |

Notes

- gstreamer1.0 <not-affected> (GStreamer installation packages for non Linux OSes)
